benchmarking adversarial robustness on image
play

Benchmarking Adversarial Robustness on Image Classification Yinpeng - PowerPoint PPT Presentation

Jan 24, 2024 •350 likes •417 views

Benchmarking Adversarial Robustness on Image Classification Yinpeng Dong, Qi-An Fu, Xiao Yang, Tianyu Pang, Zihao Xiao, Hang Su, Jun Zhu Dept. of Comp. Sci. and Tech., BNRist Center, Institute for AI, THBI Lab, Tsinghua University, Beijing,

  1. Benchmarking Adversarial Robustness on Image Classification Yinpeng Dong, Qi-An Fu, Xiao Yang, Tianyu Pang, Zihao Xiao, Hang Su, Jun Zhu Dept. of Comp. Sci. and Tech., BNRist Center, Institute for AI, THBI Lab, Tsinghua University, Beijing, 100084, China Contact: dyp17@mails.tsinghua.edu.cn; fqa19@mails.tsinghua.edu.cn

  2. Adversarial Examples An adversarial example is crafted by adding a small perturbation, which is visually indistinguishable from the corresponding normal one, but yet are misclassified by the target model. Alps: 94.39% Dog: 99.99% There is an “arms race” between attacks and defenses, making it hard to understand their effects. Puffer: 97.99% Crab: 100.00% Figure from Dong et al. (2018). Attacks Defenses Adaptive attacks [Athalye et al., 2018] Randomization, denoising [Xie et al., 2018; Liao et al., 2018] Optimization-based attacks [Carlini and Wagner, 2017] Defensive distillation [Papernot et al., 2016] Iterative attacks[kurakin et al., 2016] Adversarial training with FGSM [Kurakin et al., 2015] One-step attacks [Goodfellow et al., 2014] 2

  3. Robustness Benchmark n Threat Models: we define complete threat models n Attacks: we adopt 15 attacks n Defenses: we adopt 16 defenses on CIFAR-10 and ImageNet n Evaluation Metrics: • Accuracy (attack success rate) vs. perturbation budget curves • Accuracy (attack success rate) vs. attack strength curves 3

  4. Evaluation Results on CIFAR-10 ℓ " norm; untargeted attacks; white-box; accuracy curves 4

  5. Platform: RealSafe • We developed a new platform for adversarial machine learning research called RealSafe focusing on benchmarking adversarial robustness on image classification correctly & efficiently. • Available at https://github.com/thu-ml/realsafe (Scan the QR code for this URL). Feature highlights: • Modular implementation, which consists of attacks, models, defenses, datasets, and evaluations. • Support tensorflow & pytorch models with the same interface. • Support 11 attacks & many defenses benchmarked in this work. • Provide ready-to-use pre-trained baseline models (8 on ImageNet & 8 on CIFAR10). • Provide efficient & easy-to-use tools for benchmarking models with the 2 robustness curves. 5

  6. Thanks

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml

Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml

Adversarial Robustness: Theory and Practice Zico Kolter Aleksander Mdry madry-lab.ml Tutorial website: @zicokolter @aleks_madry adversarial-ml-tutorial.org Machine Learning: The Success Story Image classification Reinforcement Learning

528 views • 49 slides
Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu

Reinforcing Adversarial Robustness using Model Confidence Induced by Adversarial Training Xi Wu xiwu@cs.wisc.edu Joint work with Uyeong Jang, Jiefeng Chen, Lingjiao Chen, and Somesh Jha July 19, 2018 Xi Wu Model Confidence and Adversarial

740 views • 9 slides
Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr &

Adversarial Training and Robustness for Multiple Perturbations Poster #87 Florian Tramr & Dan Boneh NeurIPS 2019 Adversarial examples 88% Tabby Cat 99% Guacamole Szegedy et al., 2014 Goodfellow et al., 2015 Athalye, 2017 Adversarial

564 views • 23 slides
Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success

Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success

Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success data learning Benchmark Performance 100 95 Accuracy 90 85 Millions of Images 80 Deep models 75 Challenge to recognize 1000

1.2k views • 60 slides
Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu

Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu

Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu Pang, Kun Xu, Chao Du, Ning Chen and Jun Zhu Department of Computer Science and Technology Tsinghua University TSAIL ICML | 2019 Adversarial

864 views • 14 slides
Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness

Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness

Adversarial Approaches to Bayesian Learning and Bayesian Approaches to Adversarial Robustness Ian Goodfellow, OpenAI Research Scientist NIPS 2016 Workshop on Bayesian Deep Learning Barcelona, 2016-12-10 Speculation on Three Topics Can we

769 views • 21 slides
Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis

Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis

Preliminaries on adversarial robustness Classifier-dependent lower bounds Universal lower bounds Limits on Robustness to Adversarial Examples Elvis Dohmatob Criteo AI Lab October 2, 2019 Elvis Dohmatob Limits on Robustness to Adversarial

763 views • 74 slides
Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch,

Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch,

ICML 2020 Adversarial Robustness for Code Pavol Bielik , Martin Vechev pavol.bielik@inf.ethz.ch, martin.vechev@inf.ethz.ch Department of Computer Science 1 Adversarial Robustness panda gibbon Vision + = Explaining and Harnessing

429 views • 32 slides
Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld

Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld

Certified Adversarial Robustness via Randomized Smoothing Jeremy Cohen Elan Rosenfeld Zico Kolter Carnegie Mellon University Introduction We study a certified adversarial defense in " norm which scales to ImageNet

1.5k views • 12 slides
On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian

On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian

On the Connection Between Adversarial Robustness and Saliency Map Interpretability Christian Etmann , 1 , 3 , Sebastian Lunz , 2 , Peter Maass 1 , Carola-Bibiane Sch onlieb 2 13th June, 2019 1: ZeTeM, University of Bremen, 2: Cambridge

673 views • 19 slides
Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann

Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann

Adversarial Robustness of Machine Learning Models for Graphs Prof. Dr. Stephan Gnnemann Department of Informatics Technical University of Munich 28.10.2019 Adversarial Robustness of Machine Learning Models for Graphs S. Gnnemann Can you

669 views • 27 slides
ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019

ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019

ON THE ADVERSARIAL ROBUSTNESS OF UNCERTAINTY AWARE DEEP NEURAL NETWORKS APRIL 29 TH , 2019 PREPARED BY: ALI HARAKEH QUESTION Can a neural network mitigate the effects of adversarial attacks by estimating the uncertainty in its predictions ?

1.14k views • 26 slides
Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks presented at Canadian AI 2020 Mahdieh Abbasi 1 , Arezoo Rajabi 2 , Christian Gagn 1,3 , and Rakesh B. Bobba 2 1. IID, Universit Laval, Qubec,

728 views • 20 slides
CVPR 2020 Universal Adversarial Attacks Image agnostic and transferable across networks

CVPR 2020 Universal Adversarial Attacks Image agnostic and transferable across networks

1 1,4 2,3 2 3 4 1 CVPR 2020 Universal Adversarial Attacks Image agnostic and transferable across networks Adversarial No defense: Baseline DNN perturbation Input image Classification Feature extraction dense Perturbed image

592 views • 6 slides
Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on

Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on

Adversarial Robustness for Aligned AI Ian Goodfellow, Sta ff Research NIPS 2017 Workshop on Aligned Artificial Intelligence Many thanks to Catherine Olsson for feedback on drafts The Alignment Problem (This is now fixed. Dont try it!)

626 views • 30 slides
Certified Robustness to Adversarial Examples with Di ff erential Privacy Mathias Lcuyer,

Certified Robustness to Adversarial Examples with Di ff erential Privacy Mathias Lcuyer,

Certified Robustness to Adversarial Examples with Di ff erential Privacy Mathias Lcuyer, Vaggelis Atlidakis, Roxana Geambasu, Daniel Hsu, Suman Jana Columbia University Code: https://github.com/columbia/pixeldp Contact:

680 views • 48 slides
S WEST COAST MARINE TOURISM COLLABORATION S WELCOME FROM WCMTC STEERING GROUP S Fiona McPhail,

S WEST COAST MARINE TOURISM COLLABORATION S WELCOME FROM WCMTC STEERING GROUP S Fiona McPhail,

WEST COAST MARINE TOURISM COLLABORATION SUMMIT 10 JANUARY 2019 SAMS OBAN S WEST COAST MARINE TOURISM COLLABORATION S WELCOME FROM WCMTC STEERING GROUP S Fiona McPhail, Tighnabruaich Sailing School, Argylls Secret Coast and AITC S Steven

1.55k views • 116 slides
Kindergarten to Sec Kindergarten to Second Grade ond Grade Task & T ask & Teacher Analy

Kindergarten to Sec Kindergarten to Second Grade ond Grade Task & T ask & Teacher Analy

Kindergarten to Sec Kindergarten to Second Grade ond Grade Task & T ask & Teacher Analy eacher Analysis sis Task: C ask: Constructiv onstructive c e con onversations about ersations about Grade L Grade Level: 1 el: 1

319 views • 5 slides
Kindergarten to Second Grade Interpreting Student Work Task: Constructive conversations about

Kindergarten to Second Grade Interpreting Student Work Task: Constructive conversations about

Kindergarten to Second Grade Interpreting Student Work Task: Constructive conversations about Grade Level: 1 predicted animal adaptations Subject: Science/ELA Source: Understanding Language What do you do when something wants to eat you? by

70 views • 5 slides
Kindergarten to Second Grade Planning Instruction to Support Students Task: Constructive

Kindergarten to Second Grade Planning Instruction to Support Students Task: Constructive

Kindergarten to Second Grade Planning Instruction to Support Students Task: Constructive conversations about Grade Level: 1 predicted animal adaptations Subject: Science/ELA Source: Understanding Language What do you do when something wants

251 views • 7 slides
Data Quality Challenges ACM JDIQ EiC Open Knowledge Networks (Biomedicine) Data

Data Quality Challenges ACM JDIQ EiC Open Knowledge Networks (Biomedicine) Data

Data Quality Challenges ACM JDIQ EiC Open Knowledge Networks (Biomedicine) Data Science for Finance (DSfin) Louiqa Raschid Smith School of Business Computer Science and UMIACS Technical Review of Data Quality Provenance

482 views • 19 slides
14 Gb/s AC Coupled Receiver in 90 nm CMOS Masum Hossain & Tony Chan Carusone University of

14 Gb/s AC Coupled Receiver in 90 nm CMOS Masum Hossain & Tony Chan Carusone University of

14 Gb/s AC Coupled Receiver in 90 nm CMOS Masum Hossain & Tony Chan Carusone University of Toronto masum@eecg.utoronto.ca OUTLINE Chip-to-Chip link overview AC interconnects Link modelling ISI & sensitivity AC

665 views • 37 slides
Lecture 14: LPC speech synthesis and autocorrelation- based pitch tracking ECE 417, Multimedia

Lecture 14: LPC speech synthesis and autocorrelation- based pitch tracking ECE 417, Multimedia

Lecture 14: LPC speech synthesis and autocorrelation- based pitch tracking ECE 417, Multimedia Signal Processing October 10, 2019 Outline The LPC-10 speech synthesis model Autocorrelation-based pitch tracking Inter-frame

768 views • 37 slides
Laser test progress in Prague Peter Kody, Zden k Doleal, Jan Bro, Peter Kvasni ka,

Laser test progress in Prague Peter Kody, Zden k Doleal, Jan Bro, Peter Kvasni ka,

Charles University Prague Charles University Prague Institute of Particle and Nuclear Physics Institute of Particle and Nuclear Physics Laser test progress in Prague Peter Kody, Zden k Doleal, Jan Bro, Peter Kvasni ka, Pavel

497 views • 20 slides

More recommend